A Shift in Liability for Credit Card Fraud
For too long, “swiping” a credit card has had at least one meaning too many. There was “swiping” as it pertains to running the magnetic strip of your credit card inside the groove of a small payment terminal to make an in-person payment by credit card to a retailer. But there is also far too much of another kind of “swiping” that pertains to the counterfeiting of credit cards used in that fashion. The magnetic strips—essentially using the same technology used in cassette tapes made in the 1960s—have been too easy for fraudsters to track and then duplicate, running up unauthorized charges even for cardholders who had never lost physical possession of their cards. Traditionally, card issuers have been responsible for the costs of verified instances of credit card fraud and were undoubtedly not happy about bearing those costs.
As of October 1, there will now be a shift in liability in many instances. If card issuers have provided their customers with upgraded credit cards using EMV (the initials of Europay, MasterCard and Visa—the companies that pioneered the standard) chips, the risk of loss for credit card fraud associated with transactions involving the upgraded cards will be borne by retailers that have not upgraded to EMV point-of-sale terminals (essentially, readers into which the chip portion of the card is inserted). Card issuers will still be liable for any fraud on cards that do not feature the new EMV technology.
Beyond the liability shift, the other major change that this transition heralds should be a significant decrease in fraudulent activity involving third parties’ unauthorized use of others’ credit cards. EMV chips make it virtually impossible to counterfeit credit cards. However, they will not necessarily prevent fraud in online transactions. Fraudsters who previously installed “skimmers” or related devices on point-of-sale terminals processing magnetic strip payments will likely now focus on online or phone transactions, as well as retailers not yet able to process in-store payments via EMV chip cards. This shift towards greater security for in-store transactions may place even more of a premium on ensuring the security of stored personal data—for businesses and individuals alike—since accessing a financial services company’s stored data with respect to sensitive customer financial information, for example, may be a criminal’s best remaining path to such illicitly obtained data.
The need for vigilance with private data therefore remains acute, but EMV chips offer a somewhat reassuring example of how technology upgrades can substantially mitigate the risk of certain types of hacks and resulting fraudulent activity.
